ietf-asrg

[Asrg] Proposal for Opt-Out

2003-03-27 15:47:28

In my head and partially on paper I've worked out a system that I think can 
be effectively and securely used for opt-out and it has benefits of both
technologies #2, #3 and even #1 on my list. Here is how I imagine it:

---------------------------------------------------------------------------

1. Commercial emailers agree to general classification of email based on 
subject of what is being advertised (i.e. for example adult, internet 
services, other service, electronic goods, sports goods, etc)

2. There is set up a certain number of opt-out authoritative agencies probably
couple per region or country if necessary but not too many - i.e. dozen 
worldwide is probably a max. Each agency may have its own AUP and its own 
principles of operations (clearly published) and these agencies also deal 
with handling of complaints (in fact user can not go to court when complaining
about email and has to go through proper agency first).

3. Each mail server operator can choose one agency to handle commercial 
email control on per-domain basis, this information is published through 
special record in dns zone file in domain. 

4. Users send their preferences for opt-out to their mail operator (see 
below on how they can also do it directly to agency) if they participate 
in this system and have this special dns record. The operator does not 
send their actual email but instead encrypts it and sends SHA1 based hash 
list to the agency (so agency does not actually have list of emails, this 
all stays locally on mail server) and in addition sends a special set 
of keys (either separate key on per-email basis or one global key for 
entire domain).

5. When commercial mailer wants to send somebody an email, they check dns 
for that domain and obtain id of the agency. They have to contact the 
agency and get authorization to use its services (probably pay them too) 
and agency needs to verify whatever it can about the commercial mailer.
Once verified commercial mailer is granted authorized access to agency's 
database and can verify email addresses.

6. Email addresses are verified through the agency on the basis of each 
commercial email type that commercial mailer wants to send, i.e. it has to 
specifically ask if user is opted out of receiving all adult emails. As an 
answer agency provides special encrypted verification code, which is 
actually encryption of DATE of the request for opt-out verification, 
ID of the mass mailer (as listed in agencies database) and TYPE of email 
mass mailer intended to send and FROM address of where email would come 
from (as far as email of commercial mailer or their client). Each request 
gives only limited time authorization to send email (say 1 month) and the 
code is encrypted with the key that has been provided to the agency by 
domain mail operator or end-user.

7. When commercial mail operator is sending email, they HAVE TO include 
special header in the email indicating that this is commercial mail and of 
what type and they HAVE TO include the verification code that they 
received from the agency. When email is received, mail server operator can 
use its key to decrypt the verification code and they can then verify that:
 1. Email is sent no more than month after verification has been obtained
 2. From email address email would have to come from
 3. Type of this commercial email
In addition to that mail operator can check its database for updates for 
opt-out preferences by this user. If between time opt-out verification by 
commercial emailer was done and when email is received, user has changed 
preferences and no longer wants to receive commercial email of this type, 
then email would still need to be rejected with special REPLY and email 
server operator must send updates to the agency so mass mailer could 
verify that preferences have changed. Additional special rejection REPLY 
is if user is opting out temporarily (vacation) in this case time when the 
black-out period is over should be sent to mass-emailer and they can 
choose to resend email after that time.
 If there were no changes user opt-out preferences and they are in 
accordance with what is listed in verification code, then email has to be 
"whitelisted" and accepted for delivery by mail operator.

8. A special case is allowed when mail server operator does not support 
this opt-out system but user still wants it, then one particular agency is 
considered to be default and user can contact it and send opt-out 
preferences directly to that agency. Commercial mailers in absence of 
special dns record for opt-out agency for domain have to check this 
default agency. In this case all verification of email is done on the 
client MUA and it can accept email into proper user inbox, reject it, etc.

----------------------------------------------------------------------------

The above combines best of #2 and #3 from my notes, in particular having
central agency means mass-emailers are all authenticated and can not 
easily verify all of their 100 million email addresses and even more 
particularly because they say exactly what type of email they will send
and from who, their request is very specific and they can not assume user
opt-out preferences for different type of email. Plus having specific time 
that they are given to send email means they have to do opt-out checks 
often enough to catch all the changes and they have to stay a client of 
the agency to continue to send email to user.

In addition to that all control of opt-out is really local and agency does 
not even have your email address (for privacy reasons for example; though 
they can obviously find it based on requests, but really they shouldn't be 
doing it) and user can change preferences locally as well. 

Verification code (it's something similar to a stamp actually) provides 
strong authentication control over email that is being sent and can be 
used ONLY by the mass mailer that obtained it and can ONLY be verified by 
the recipient.

Agency also acts to facilitate abuse control and shields commercial
mailers from potential legal action if they act properly. But it should 
setup its own court-like system to hear officially filed abuse complaints
and if complaint is rejected user can go to court (same system as public 
utilities commissions that regulate telcos in many US states). Agencies 
can be specific to laws of particular region - i.e. agency for US, agency 
for EU and can thus apply laws properly as are done in that region.


Ok, I'm done. Let me know what you think of this idea.

----
William Leibzon
Elan Communications Inc. 
william(_at_)elan(_dot_)net

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
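
Steps 4, 6 and 7 of the proposal above, as an added example that is not part of the original post: the agency issues a verification code over DATE, mailer ID, TYPE and FROM, and the receiving mail server checks it with its own key. Assumptions: all names are hypothetical, the mailer looks an address up by the same SHA1 hash the operator registered, and HMAC-SHA256 authentication stands in for the encryption the post describes, so the fields are tamper-evident but not hidden.

```python
import base64, hashlib, hmac, json
from datetime import date, timedelta

VALIDITY = timedelta(days=30)  # the post's "say 1 month" authorization window

def addr_hash(email):
    # SHA1 of the normalized address: what the agency stores instead of the address
    return hashlib.sha1(email.strip().lower().encode()).hexdigest()

class Agency:
    def __init__(self):
        self.records = {}  # addr_hash -> (key from mail operator, opted-out types)

    def register(self, email_hash, key, optout_types):
        self.records[email_hash] = (key, set(optout_types))

    def verify(self, mailer_id, email_hash, mail_type, from_addr, today):
        """Step 6: return a verification code, or None if opted out/unknown."""
        rec = self.records.get(email_hash)
        if rec is None or mail_type in rec[1]:
            return None
        body = json.dumps({"date": today.isoformat(), "id": mailer_id,
                           "type": mail_type, "from": from_addr}).encode()
        tag = hmac.new(rec[0], body, hashlib.sha256).digest()
        return base64.b64encode(tag + body).decode()

def check_code(key, code, mail_type, from_addr, today, current_optouts):
    """Step 7: the receiving mail server's checks, using its own key."""
    raw = base64.b64decode(code)
    tag, body = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return "reject: bad code"
    f = json.loads(body)
    if not timedelta(0) <= today - date.fromisoformat(f["date"]) <= VALIDITY:
        return "reject: date out of range"
    if f["from"] != from_addr or f["type"] != mail_type:
        return "reject: mismatch"
    if mail_type in current_optouts:  # user changed preferences since step 6
        return "reject: preferences changed"
    return "accept"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    agency = Agency()
    agency.register(addr_hash("user@example.org"), key, {"adult"})
    code = agency.verify("mailer-1", addr_hash("user@example.org"),
                         "sports goods", "ads@shop.example", date(2003, 3, 1))
    print(check_code(key, code, "sports goods", "ads@shop.example",
                     date(2003, 3, 20), {"adult"}))
```

An unsalted SHA1 of an address can be confirmed by anyone who guesses the address, so the hash list keeps addresses out of the agency's database without making them unrecoverable.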


